Security Engineer — Application & Infrastructure Security

Ansh Raj

Security Engineer with strong experience across pentesting, infrastructure security, and DevSecOps, on real-world production systems. Breaks applications and infrastructure to uncover critical weaknesses, and builds security controls to prevent them — offensive testing plus defensive engineering for practical, end-to-end improvements.

1yr+ Industry Experience
15+ Security Tools Deployed
3 Hall of Fame Credits
Top 1% TryHackMe Global

About Me

I’m a Security Engineer with strong experience across pentesting, infrastructure security, and DevSecOps, working on real-world production systems at Hashira Works (Hyderabad, India) — including Garden Finance and related environments.

I’m skilled at breaking applications and infrastructure to uncover critical weaknesses, and at building effective security controls to prevent them. I combine offensive testing with defensive engineering so findings turn into practical, end-to-end security improvements — not one-off reports.

That shows up as hands-on VAPT, attack-surface work, Zero Trust and edge controls, container and CI/CD security, and detection pipelines backed by Wazuh, Suricata, and Falco — with clear write-ups and measurable follow-through.

Experience

Security Engineer I
Hashira Works Pvt. Ltd. · Hyderabad, India
Sep 2025 — Present · Full-time · 8 mos
  • Performed application and infrastructure penetration testing across production systems (Garden Finance and internal services), identifying and validating vulnerabilities including IDOR/BOLA, access control issues, and critical misconfigurations.
  • Led attack surface discovery and asset enumeration using Amass, Subfinder, ffuf, and Nmap to uncover externally exposed services and hidden endpoints.
  • Designed and implemented Zero Trust access controls using Cloudflare Tunnel and Access policies, eliminating direct exposure of backend infrastructure (origin cloaking).
  • Developed a container security pipeline using Trivy with SBOM generation and centralized ingestion into Wazuh SIEM for continuous vulnerability visibility.
  • Engineered detection and monitoring pipelines using Wazuh, Suricata, and Falco, enabling real-time alerting and improved threat detection across infrastructure and containers.

Security Engineer Intern
Hashira Works Pvt. Ltd. · Hyderabad, India
Feb 2025 — Aug 2025 · Internship · 7 mos
  • Executed application security testing across APIs and web services, identifying vulnerabilities such as IDOR, authentication bypass, and input validation flaws.
  • Performed structured reconnaissance and enumeration using Subfinder, ffuf, and Nmap to map attack surfaces and identify potential entry points.
  • Assisted in deployment and configuration of Wazuh SIEM for centralized log collection, alerting, and initial detection rule tuning.
  • Integrated Trivy-based container vulnerability scanning into development workflows to enable early detection of high and critical CVEs.
  • Analyzed alerts, validated vulnerabilities through proof-of-concepts, and collaborated with engineering teams to support remediation and security hardening.

Penetration Tester Intern
CFSS
Jun 2024 — Jul 2024 · Internship · 2 mos
  • Conducted web application and network penetration testing using Burp Suite, Nmap, and Metasploit in controlled lab and simulated environments.
  • Identified and exploited vulnerabilities including SQL Injection, IDOR, and authentication flaws aligned with the OWASP Top 10.
  • Performed reconnaissance and enumeration to map application logic, endpoints, and network attack surfaces.
  • Executed exploitation and post-exploitation techniques including privilege escalation and lateral movement.
  • Documented findings with detailed proof-of-concepts and actionable remediation recommendations following industry best practices.

Skills

Offensive security

Web & API pentesting · VAPT · OWASP Top 10 · BOLA / IDOR · Burp Suite · Metasploit · ffuf · Subfinder · Amass · Nmap

Security engineering

Application security · Infrastructure security · System hardening · Threat modeling

DevSecOps

CI/CD security · Secure workflows · Automation · Trivy · SBOM · Container scanning

Detection engineering

SIEM · Log analysis · Threat detection · Alert tuning · Wazuh · Suricata · Falco

Cloud & infrastructure

Zero Trust · Cloudflare Tunnel & Access · WAF · Linux · Virtualization

Identity & endpoint

Access control · RBAC · MDM · Endpoint security

Compliance

SOC 2 · GDPR · Policy & evidence

Languages

Python · Bash · Rust

Projects

Syntr1x — Autonomous Pentesting Agent

AI Security · Automation · Apr 2026 — Present

MCP server enabling AI agents to run structured bug-bounty-style workflows; modular TypeScript MCP + Python agents for recon, scanning, exploitation, and reporting; session-based workflows and centralized findings storage; integrates with Claude, GPT, and similar agents for adaptive security testing.

MCP · TypeScript · Python · Automation · AI Agents

Wazuh-Based Security Monitoring Platform

Open Source XDR · SIEM · Dec 2025 — Feb 2026

Centralized XDR/SIEM on Wazuh with host, container, and network telemetry; custom detection rules for suspicious activity, brute force, and anomalous behavior; log ingestion, alerting, and correlation tuned for visibility and lower noise; continuous monitoring across systems.

Wazuh · SIEM · XDR · Detection Rules

Git Security Automation — Branch Protection System

DevSecOps · Security Automation · Nov 2025 — Dec 2025

Webhook-driven automation enforcing secure repo workflows on creation: protected branches, PR requirements, merge restrictions, and RBAC-style approvals; event logging for audit visibility; standardized policies across repositories at scale.

Git · Webhooks · Branch Protection · DevSecOps

ShadowDNS Spy

Open Source · DNS recon · Jun 2025 — Jul 2025

DNS reconnaissance and analysis for assessments: multi-record resolution, SPF / DKIM / DMARC checks, structured exports (JSON, CSV, XLSX), and optional views to speed up analysis during recon workflows.

DNS · SPF / DKIM / DMARC · Recon · Reporting
shadow-dnspy on GitHub ↗

Achievements

NASA — Hall of Fame
Recognized for responsible disclosure through NASA's security program.
Air Canada — Hall of Fame
Acknowledged for vulnerability disclosure to Air Canada's security team.
Village Roadshow — Hall of Fame
Listed for responsible security finding disclosure.
TryHackMe — Top 1% Global
Ranked in the top 1% of hackers worldwide on TryHackMe platform.
CTF — Indian Cyber Security Solution
Competitive CTF participation and hands-on exploit / defense challenges.

Certifications

CEH — Certified Ethical Hacker · EC-Council
eJPT — eLearnSecurity Junior Penetration Tester · INE
Jr Penetration Tester (PT1) · TryHackMe
OSCP — Offensive Security Certified Professional · OffSec · In progress
OSWP — Offensive Security Wireless Professional · OffSec · In progress

Education

Bachelor of Technology in Computer Science & Engineering
Lovely Professional University · Phagwara, Punjab
Aug 2021 — May 2025

Blog

Notes on detection engineering, offensive methodology, tooling, and shipping security that sticks — longer reads live off-site.

Let's connect

Open to application security, VAPT, and security engineering roles — full-time or contract.

Ready to work together?

I’m always interested in new opportunities and collaborations. Whether you need application security and VAPT, penetration testing with remediation support, DevSecOps and pipeline-integrated testing, or detection and compliance depth on top of that, feel free to reach out.